ROPSHELL 
ropshell> use b7d3143f2d98d9b5eb79d2c8339192ab (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 7276

ropshell> suggest
call
    > 0x180006e7a : call rax
    > 0x1800122bb : call rbx
    > 0x180092c9d : call rcx
    > 0x18004047d : call rdx
    > 0x180122f86 : call rsp
jmp
    > 0x18005fd82 : push rsp; ret
    > 0x18004c2fd : jmp rax
    > 0x180059b95 : jmp rbx
    > 0x180016867 : jmp rcx
    > 0x18000d5a8 : jmp rdx
load mem
    > 0x1800e32f0 : movzx eax, [rcx]; ret
    > 0x1800a8082 : mov eax, [rcx + 0x16b0]; ret
    > 0x180048049 : mov eax, [r8 + 0x38]; ret
    > 0x1800a5abb : movzx eax, [rdx]; and al, 1; ret
    > 0x180124bb6 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180063089 : pop rax; ret
    > 0x180001458 : pop rbx; ret
    > 0x18011e06e : pop rcx; ret
    > 0x1800de882 : pop rdx; ret 9
    > 0x18000303e : pop rsi; ret
pop pop ret
    > 0x18011e70a : pop r11; ret
    > 0x18011e708 : pop r10; pop r11; ret
    > 0x180062235 : pop r12; pop rbp; pop rbx; ret
    > 0x1800982aa : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180002f45 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1801606a8 : add rsp, 0x10; ret
    > 0x1801606a8 : add rsp, 0x10; ret
    > 0x180003cc0 : add rsp, 0x28; ret
    > 0x18001264f : add rsp, 0x38; ret
    > 0x1800dca46 : add rsp, 0x438; ret
stack pivoting
    > 0x18000eedc : xchg eax, esp; ret
    > 0x18003e594 : mov rsp, r11; pop r14; ret
    > 0x18003e595 : mov esp, ebx; pop r14; ret
    > 0x18000583a : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x18000583b : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18015bb62 : syscall ; ret
write mem
    > 0x18011ce17 : adc [rax], r10; ret
    > 0x18011ce18 : adc [rax], edx; ret
    > 0x180065311 : add [rbx], edi; ret
    > 0x180161cc8 : adc [rdx], eax; ret
    > 0x18009f8d6 : add [rdi], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact